‘They’re still there, and we have yet to figure out a way to kick them off,’ he said.
Sen. Mark Kelly (D-Ariz.) told attendees of the McCain Institute’s Sedona Forum on May 3 that the Chinese communist regime still has access to the nine U.S. telecommunication companies hacked into in December 2024 during the Salt Typhoon cyber intrusion coordinated by the Chinese Ministry of State Security.
“They did it in such a way that it was very hard for us to detect that they were there and not done through the typical way that you would do something with malware,” he explained to the panel moderator.
“It was done through access to routers and using a lot of sophisticated techniques, and it was the, as you mentioned, the Chinese Ministry of State Security that coordinated this operation. They’re still there, and we have yet to figure out a way to kick them off.”
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) identified the hacks in October of 2024 and began an investigation.
CISA Executive Assistant Director for Cybersecurity Jeff Greene said on Dec. 3 that he didn’t have a timeline on when Chinese Communist Party (CCP)-backed hackers could be purged from U.S. telecom networks.
“It would be impossible for us to predict when we’ll have full eviction,” Greene said at the time.
On Dec. 4, 2024, the Biden administration revealed that at least eight U.S. telecommunication companies had been compromised by the Chinese state-sponsored hackers, with the threat group Salt Typhoon believed to have hacked into communications of senior U.S. government officials.
By Dec. 27, the number of compromised telecommunication companies had increased to nine.
Kelly sits on the Senate Intelligence Committee and told the audience that rebuilding the United States’ telecom infrastructure in order to prevent hackers from gaining access continues to be a topic of conversation among his fellow committee members.
One of the issues with the nation’s current telecommunication infrastructure is how organically it developed over time.
“Somebody built a system, somebody improved that system,” Kelly said. ”They added technology to it, and today we have this collaged together systems of multiple companies using different kinds of equipment that are easily accessible from our adversaries, and they’re able to, if they know who you are, know your phone number, and they want to get access to some of your information, they today can probably do that, including voice calls.”
Meanwhile, the Volt Typhoon threat group had been targeting U.S. critical infrastructure since 2021, and CISA confirmed that hackers had maintained “access and footholds within some victim IT environments for at least five years.”
Volt Typhoon was reported to be dismantled in January 2024 but Kelly said the CCP’s Ministry of State Security “still have access into some of these systems,” and emphasized that the security risks such infiltration poses to the nation’s ability to mobilize against communist China.
He and his fellow panelists, Sue Gordon, former principal deputy director of national intelligence, and Frances Fragos Townsend, former counterterrorism and homeland security advisor, stressed the need for the federal government to lead the way in developing the necessary cybersecurity. They also stated that there is still no clear definition of when a cyberattack is considered an act of war.
In the meantime, the senator advised the crowd on how to proceed with their telecommunications.
“If you’re in any kind of sensitive position, just be aware that there are folks that are gathering information on you that want to know who all your connections are, that in a lot of cases, there are probably people in this room that foreign adversaries have access to your cell phone and you do not know it,” he said. “There are ways to kick them off. The easiest way is [by] keeping your software up to date and turning the phone off.”
Frank Fang contributed to this report.